无法注销身份MVC 5（有时） [英] Can't logoff identity MVC 5 (sometimes)

问题描述

我们的网站有时会决定你不能注销，大部分工作时间。下面是事情的基本胆量。我所看到的远程服务器和本地测试使用VS.在这个问题上与Chrome和IE它甚至决定要足够长，与当地的测试，试图迫使明确删除会话/抛弃所有的cookie的日期设置为-1天的一个问题。没有帮助。

Our website sometimes decides you can't log out, most of the time it works. Below are the basic guts of the matter. I have seen this problem with Chrome and IE on remote server and local testing using VS. It even decided to be a problem long enough with local testing to try to force deleting the session with clear/abandon and setting all the cookie dates to -1 day. Did not help.

只要我做F12注意并清除该域名的cookies问题停止，用户注销。我有改变SignOut（...），因为你看到它和输出参数，没有任何变化。同样，这只是偶尔发生这么难的考验。

Note as soon as I do F12 and clear the cookies for the domain the problem stops and the user is logged off. I have change the SignOut(...) as you see it and with out parameters, no change. Again this only happens sometimes so hard to test.

这似乎是系统无法删除该浏览器的cookie，但我看不出一个理由，并与不同的浏览器它使更少的感觉。

It seems like the system is unable to delete the cookies from the browser but I can't see a reason why and with different browsers it makes even less sense.

我知道这个环节，似乎是相似的：<一href=\"http://stackoverflow.com/questions/24167904/cannot-logoff-of-identity-mvc-5-application\">Cannot身份MVC 5应用程序的注销

I am aware of this link, seems similar: Cannot logoff of identity MVC 5 application

：建议什么尝试，或去哪里找，谢谢。

Suggests on what to try or where to look, thanks.

Login
var user = await UserManager.FindAsync(model.Email, model.Password);
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true }, await user.GenerateUserIdentityAsync(UserManager));

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
   AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
   return RedirectToAction("Index", "Home");
}

编辑：
展望铬F12-饼干。如果我只是删除了.AspNet.ApplicationCookie并尝试导航我登录的。 preSS注销选项仍然不起作用。我认为该cookie 14天后失效和日期不改变。真的好像不是默认的系统是不是要到期的cookie或不允许了。正源$ C ​​$ C这个产品尚未推出？

Looking in Chrome F12-Cookies. If I just delete the .AspNet.ApplicationCookie and try to navigate I am logged of. Press the logoff option still does not work. I sees that the cookie expires in 14 days and the date does not change. Really seems like either the default system is not trying to expire the cookie or is not allowed too. Is the source code for this available yet?

推荐答案

我想我知道问题是什么在这里 - 尽管我不知道如何解决它，这样的文件是为asp.net身份有时混乱（

I think I know what the problem is here - although I'm not sure how to fix it, such is the mess of documentation for asp.net identity sometimes ;(

我有完全一样的症状。问题的关键是，你用一个 SecurityStampValidator 验证并重新创建（如果需要的话）你的cookie？

I had exactly the same symptoms. The key issue is, do you use a SecurityStampValidator that verifies and recreates (if needed) your cookie?

我做的，而我被设定为非常频繁验证（从我Startup.auth）：

I do, and mine is set to validate very frequently (from my Startup.auth):

Provider = new CookieAuthenticationProvider
{
    // Enables the application to validate the security stamp when the user logs in.
    // This is a security feature which is used when you change a password or add an external login to your account.  
    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User, int>(
        validateInterval: TimeSpan.FromMinutes(1), 
        regenerateIdentityCallback: (manager, user) =>
        {
            return user.GenerateUserIdentityAsync(manager);
        },
        getUserIdCallback: id => (int.Parse(id.GetUserId()))
        ),
},

所以假设你有类似code - 你怎么重建。简单 - 登录，打在你的应用程序页面，然后等待定义validateInterval失效 - 所以对我来说，等待1 minue。 1分钟后，注销。的景气的。我不会退出。

现在，这里的问题是，GenerateUserIdentiyAsync方法再现您的身份验证cookie，则signout发生之后。我已经验证了与记录 - 在 _authenticationManager.SignOut（DefaultAuthenticationTypes.ApplicationCookie）; 在我注销等动作发生，然后Cookie会再生。卫生署。

Now, the issue here is that the GenerateUserIdentiyAsync method RECREATES your auth cookie, right after the signout has happened. I've verified that with logging - the _authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); in my LogOff action is happening, and then the cookie gets regenerated. Doh.

如何修复 - 好明显的事情是增加validateInterval，但影响安全 - 如果有人登录到2台电脑，并更改其密码，我想这两个帐户被注销pretty快速 - 这是这是什么一样

How to fix - well the obvious thing is to increase the validateInterval, but that impacts security - If someone is logged on to 2 computers, and changes their password, I'd like both accounts to be logged out pretty swiftly - which is what this does.

所以，这是（可能）的原因。对不起，我不能提供一个很好的修复：（

So, that's (probably) the cause. Sorry I can't offer a nice fix :(

这篇关于无法注销身份MVC 5（有时）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！